Bredolab Botnet Attack Via Fake Facebook Password Reset Notice

Facebook users are warned to be extra cautious when they receive a notification e-mail, purportedly from the Facebook team, that says their password has been changed and asks them to check their new password in an attached document. The attachment is a zip file containing a malicious .exe file, which is detected as Trojan Bredolab by the security firm Symantec. This variant of Bredolab connects to a Russian domain, and the infected machine is most likely to become part of a Bredolab botnet. The infected computer will then be controlled by the attackers and can automatically download and install a variety of other threats. The attackers can also steal users’ information, send out spam e-mails, and so on from the affected PC.

Trojan.Bredolab is a threat that has been distributed widely and consistently this year. The fake Facebook password reset notice is another new trick this Trojan uses to attack PC users, particularly Facebook fans. Some Facebook users might check the sender's address, but they could be convinced when the sender is shown as support@facebook.com, because they might think this is an official and legitimate notice from Facebook.
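The two traits described above (a displayed sender of support@facebook.com and a zip attachment holding an .exe) can be checked mechanically at a mail gateway or during triage. The following Python sketch is an added example, not part of the original article; the message, the Return-Path value, the file names and the extension list are constructed for illustration, and the zip holds harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed list of extensions to treat as executable; extend to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")

def build_sample() -> bytes:
    """Constructed sample: spoofed From header plus a zip with a dummy .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Facebook_Password.exe", b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "Facebook <support@facebook.com>"   # what the user sees
    msg["Return-Path"] = "<bounce@mailer.example>"    # constructed envelope sender
    msg["To"] = "user@example.org"
    msg["Subject"] = "Password reset notice"          # constructed subject
    msg.set_content("Your password has been changed. See the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="password.zip")
    return msg.as_bytes()

def _domain(header_value) -> str:
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def analyze(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    from_domain = _domain(msg.get("From", ""))
    envelope_domain = _domain(msg.get("Return-Path", ""))
    executables = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            # Look inside the archive: the .exe is hidden one level down.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                executables += [f"{name}:{member}" for member in zf.namelist()
                                if member.lower().endswith(EXECUTABLE_EXTS)]
        elif name.lower().endswith(EXECUTABLE_EXTS):
            executables.append(name)
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        # A mismatch is a signal, not proof: legitimate bulk mail can differ too.
        "sender_mismatch": bool(envelope_domain) and envelope_domain != from_domain,
        "executables": executables,
    }

if __name__ == "__main__":
    print(analyze(build_sample()))
```

The From header is set freely by whoever composes the message, which is why the displayed address alone says nothing about where the e-mail came from.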